问题
I want the support of the following cipher suites in TLS using JCA:
- TLS_PSK_WITH_3DES_EDE_CBC_SHA
- TLS_PSK_WITH_AES_128_CBC_SHA
- TLS_PSK_WITH_NULL_SHA
- TLS_PSK_WITH_AES_128_CBC_SHA256
- TLS_PSK_WITH_NULL_SHA256
They are available in JDK7 but not JDK6, neither BouncyCastle.
If I want the support in JDK6, could I extends JCA to implement the support of these PSK extensions, using SPI, providers and callback methods of JSSE. I can already redefine or add new cipher implementations on runtime, but I'm not sure JCA offers enough granularity to add new cipher suites in TLS.
回答1:
The clean way would be to implement your own SSLSocketFactory.
If you want to try adding I only see the way to modify the internal classes via reflection.
The relevant class is:
com.sun.net.ssl.internal.ssl.CipherSuite
It has an overloaded private static method "add" for adding cipher implementations to the supported list. May be worth a try.
回答2:
Still not sure it is possible or not, but we found an implementation of several TLS PSK cipher suites for the Jessie Library.
来源:https://stackoverflow.com/questions/6264875/define-cipher-suite-for-tls-in-jca